BadSuccessor rocks the Windows Server World, AI Shell v4 is Here
Hello, fellow PowerShell Engineers! I hope this finds you well on Memorial Day here in the US. I contemplated sending this out later, but if you’re like me - PowerShell is every day!
PowerShell Tip
Use Get-ChildItem with the -Recurse and -Filter parameters to quickly find files across directory trees.
Instead of manually navigating folders, you can search for specific file types like this:
Get-ChildItem -Path C:\Projects -Recurse -Filter "*.log" | Select-Object FullName, LastWriteTime
This command searches all subdirectories under C:\Projects for .log files and shows their full paths and last modified dates. You can also pipe the results to other commands - for example, to delete all .tmp files older than 30 days:
Get-ChildItem -Path C:\Temp -Recurse -Filter "*.tmp" | Where-Object {$_.LastWriteTime -lt (Get-Date).AddDays(-30)} | Remove-Item
The -Filter parameter is faster than using Where-Object for simple pattern matching, so use it when you can for better performance on large directory structures.
Videos
Tech with Daro shows how to use PowerShell and Robocopy to move files:
Orin Thomas has a great video on understanding the Windows Server Event Log.
Andrew Pla sits down with Microsoft MVP, Justin Grote, to talk about making fast tools and better workflows.
Community News & Projects
The big news of the week came from Yuval Gordon at Akamai, who exposed a vulnerability in Active Directory on Windows Server 2025. In his post, “BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory”, he outlines how Windows Server 2025's new delegated Managed Service Account (dMSA) feature allows attackers to compromise any user in Active Directory, including Domain Admins. The attack exploits the dMSA migration process by manipulating two attributes (msDS-ManagedAccountPrecededByLink and msDS-DelegatedMSAState) on any dMSA object to simulate a completed migration, tricking the Key Distribution Center into granting the attacker's dMSA all permissions of any target account without requiring actual migration or verification. What makes this particularly dangerous is that it works with default configurations, affects 91% of examined environments where users outside Domain Admins have the necessary permissions, and can be triggered by anyone with basic "CreateChild" permissions on any organizational unit. That is a commonly granted, seemingly benign permission, yet it allows attackers to create new dMSAs and achieve domain domination.
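A read-only audit for the two conditions described above, as an added example (not code from Akamai's post or this newsletter): it lists dMSA objects that already carry a predecessor link and the principals allowed to create dMSAs in each OU. It assumes the RSAT ActiveDirectory module on a domain-joined host and a Windows Server 2025 schema; the class name msDS-DelegatedManagedServiceAccount is not given on this page.

```powershell
#Requires -Modules ActiveDirectory
# Added defensive audit example. Read-only: nothing in the directory is modified.
Import-Module ActiveDirectory

# dMSA object class in the Windows Server 2025 schema (assumption: not named on this page).
$dmsaClass = 'msDS-DelegatedManagedServiceAccount'

# 1. dMSAs whose predecessor link is populated. Every hit should map to a
#    migration your team actually performed; the state value is shown as stored.
$props = 'msDS-ManagedAccountPrecededByLink', 'msDS-DelegatedMSAState', 'whenCreated', 'whenChanged'
$linked = Get-ADObject -LDAPFilter "(&(objectClass=$dmsaClass)(msDS-ManagedAccountPrecededByLink=*))" -Properties $props |
    Select-Object DistinguishedName,
        @{ n = 'PrecededBy'; e = { $_.'msDS-ManagedAccountPrecededByLink' } },
        @{ n = 'State';      e = { $_.'msDS-DelegatedMSAState' } },
        whenCreated, whenChanged

# 2. Resolve the class GUID from the schema instead of hardcoding it.
$schemaNC    = (Get-ADRootDSE).schemaNamingContext
$classObject = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$dmsaClass)" -Properties schemaIDGUID
if (-not $classObject) { throw "Class $dmsaClass not found; schema predates Windows Server 2025." }
$dmsaGuid    = [guid]$classObject.schemaIDGUID
$createChild = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild

# 3. Allow ACEs on each OU that include CreateChild (GenericAll contains the bit)
#    and apply to every child class (empty GUID) or to the dMSA class specifically.
$creators = foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
    (Get-Acl -Path "AD:\$($ou.DistinguishedName)").Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.ActiveDirectoryRights.HasFlag($createChild) -and
            ($_.ObjectType -eq [guid]::Empty -or $_.ObjectType -eq $dmsaGuid)
        } |
        Select-Object @{ n = 'OU'; e = { $ou.DistinguishedName } },
            IdentityReference, ActiveDirectoryRights, IsInherited
}

"dMSAs with a predecessor link: $(@($linked).Count)"
$linked | Format-Table -AutoSize
"OU ACEs that permit dMSA creation: $(@($creators).Count)"
$creators | Sort-Object IdentityReference, OU | Format-Table -AutoSize
```

Entries for Domain Admins, Enterprise Admins and SYSTEM are expected in the second table; any other identity is the delegation to review.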
Russell Smith, from Petri, goes over key announcements from Build 2025: Microsoft's latest Windows 11 update introduces Administrator Protection, a new security feature that enhances local admin account safety by isolating elevated applications and requiring authentication for each use, reducing token theft risks. Additionally, Microsoft is open-sourcing parts of the Windows Subsystem for Linux (WSL) to boost developer involvement, while retaining some closed-source elements. In Microsoft 365, two major Copilot enhancements were announced: low-code Copilot Tuning for customizing AI behavior and multi-agent orchestration for managing collaborative workflows across AI agents.
https://petri.com/podcast/windows-11-gets-a-big-security-upgrade/
Michael Epping has a great write-up on Considerations for Remote Desktop Connections in a phishing-resistant passwordless authentication deployment in Microsoft Entra ID on Microsoft Learn.
Harm Veenstra has a great post on using the Convert module in PowerShell. Convert is a PowerShell module that simplifies object conversions by exposing common requirements as standard PowerShell functions. For example, this module includes functions for converting to and from Base64 encoded strings, MemoryStream objects, or Clixml output.
https://powershellisfun.com/2025/05/23/using-the-convert-module-in-powershell/
https://github.com/austoonz/Convert
AI Shell Preview 4 is here - the development team behind AI Shell has rolled out a new preview release packed with user-requested enhancements designed to streamline workflows and broaden platform compatibility.
The latest update centers on three key areas of improvement. Users can now access Azure OpenAI deployments more seamlessly, addressing one of the most frequently requested features from the community. The release also introduces significant enhancements to the Invoke-AIShell command, making it more robust and user-friendly for daily operations.
Perhaps most notably for Mac users, this release expands compatibility with macOS, bringing AI Shell's capabilities to a wider range of developers and system administrators who have been waiting for native support on Apple's platform.
The preview release represents the team's commitment to incorporating user feedback into product development, with each enhancement directly addressing pain points and feature requests submitted by the AI Shell community. Users interested in testing the new capabilities can access the preview release through the standard distribution channels.
https://devblogs.microsoft.com/powershell/preview-4-ai-shell/